]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2baf59c)
netlink: fix use-after-free netlink_events_cache_deltable()
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jun 2015 16:10:53 +0000 (18:10 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jun 2015 16:11:15 +0000 (18:11 +0200)
h.table stores a pointer to a nftnl table object that is gone just after
assignment. Release this object once its content is not referenced anymore.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink.c patch | blob | blame | history

diff --git a/src/netlink.c b/src/netlink.c
index 1167c9516ad19c77775c74cc010bc8789b356349..429eed403327e683808f566867435d4a9b4dc779 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1982,14 +1982,15 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
        nlt      = netlink_table_alloc(nlh);
        h.family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY);
        h.table  = nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME);
-       nft_table_free(nlt);
 
        t = table_lookup(&h);
        if (t == NULL)
-               return;
+               goto out;
 
        list_del(&t->list);
        table_free(t);
+out:
+       nft_table_free(nlt);
 }
 
 static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
Mirror of git://git.netfilter.org/nftables